SS7 Security of Zambia

Country Mobile Network Worldwide Rank 55 / 164

Tweet about Zambia SS7 security:

Scores for 2 operators surveyed

[+] Show all details [-] Hide all details
+ Global Risk level 55 / 164

Zambia is the 55th best country in the world for SS7 security.

Global Risk level combines Privacy Leaks (subscriber informations leaks) and Network Exposure (operators exposure), giving more importance to Privacy Leaks.

+ Privacy Risk level 56 / 164

Zambia is the 56th best country to protect its customers against privacy leaks.

Privacy Leaks represents all subscriber privacy leaks from all operators of specific country. This includes subscribers location, subscriber private data and subscriber encryption keys.

+ SS7 messages disclosing subscriber city location 4

Zambia allows 4 SS7 MAP messages to leak subscriber city location.

+ SS7 messages disclosing subscriber street location 2

Zambia allows 2 SS7 MAP messages to leak precise street-level subscriber location (200m).

+ SS7 messages disclosing private informations 4

Zambia allows 4 SS7 MAP messages to leak subscriber IMSI.

+ Leak of subscriber keys 1

Zambia has 1 operators that leak subscriber keys.

Leak of subscriber keys allows an attacker to decrypt calls and SMS of subscriber, by impersonating the network using a fake base station.

+ Leak of prepaid/postpaid status 1

Zambia has 1 operators that leak subscriber prepaid/postpaid status.

Leak of subscriber prepaid/postpaid status allows an attacker to gather informations about the status of a subscriber from the operators databases, to prepare for fraud.

+ Leak subscriber location through Home Routing bypass ?
+ Network Exposure level 128 / 164

Zambia is the 128th best protected SS7 network in the world.

Network Exposure includes Network Elements exposed and security mechanism implemented by operators of a given country. It shows the attack surface of the Telecom Network of a country from the SS7 perspective.

+ SCCP discovery attack surface 59

Zambia has 59 Core Network Elements identified over SS7 SCCP.

The more Core Network Elements are exposed (reachable directly from the International SS7 Network), the more entry points an attacker has on operators SS7 Core Network.

+ Network Elements fingerprint 59

Zambia has 59 Core Network Elements successfully fingerprinted over SS7 SCCP.

Precise identification of Core Network Elements allows attackers to have a better understanding of the internals of operators networks, allowing easier further attacks.

+ Potential change of prepaid/postpaid status (fraud) 1

Zambia has 1 operators susceptible to fraud via change of prepaid/postpaid status.

+ Home Routing* 1

Zambia has 1 operators implementing Home Routing.

Home Routing is a Operator Network feature that hides the MSC (city location) and IMSI of the subscriber in several SS7 MAP messages.

*Home Routing detection in SS7map is still in BETA phase.

+ Leak of internal topology through Home Routing bypass ?

For more explanations about the ratings, see our blog post.

Operators tested
0 well secured
1 with medium security
1 badly secured
2 surveyed operator / 4 operators

SS7map project is research in progress: the data is purely indicative and subject to change.